package tls

import (
	"bytes"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"strings"
	"testing"
	"time"

	r "github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/terraform"
)

// TestLocallySignedCert applies a tls_locally_signed_cert resource and then
// inspects the issued certificate: its validity window (NotBefore close to
// now, NotAfter exactly one hour later) and its chain, which must be rejected
// by an empty root pool and accepted once the test CA is added as a root.
//
// NOTE(review): this excerpt is truncated mid-function — the configuration
// heredoc (everything after `cert_request_pem = <`) and the opening of the
// Check callback (resource-state lookup, PEM decode and x509 parse of the
// issued cert, the left-hand side of the two-minute comparison) are missing
// from the text below. Restore them from the upstream file before editing.
func TestLocallySignedCert(t *testing.T) {
	r.Test(t, r.TestCase{
		Providers: testProviders,
		Steps: []r.TestStep{
			r.TestStep{
				// Config and the start of Check are garbled here; see the
				// function comment.
				Config: fmt.Sprintf(` resource "tls_locally_signed_cert" "test" { cert_request_pem = < (2 * time.Minute) {
					// Presumably the elided left-hand side is the age of
					// cert.NotBefore (e.g. time.Since) — confirm against
					// upstream. A small backdating window is tolerated for
					// clock skew; anything older is treated as a bug.
					return fmt.Errorf("certificate validity begins more than two minutes in the past")
				}
				// The resource is expected to issue a certificate valid for
				// exactly one hour (validity_period_hours = 1 presumably set
				// in the missing config — verify).
				if cert.NotAfter.Sub(cert.NotBefore) != time.Hour {
					return fmt.Errorf("certificate validity is not one hour")
				}
				// pem.Decode returns a nil block when the input is not PEM;
				// caBlock.Bytes would then panic. Tolerable only because
				// testCACert is presumably a fixed package-level fixture.
				caBlock, _ := pem.Decode([]byte(testCACert))
				caCert, err := x509.ParseCertificate(caBlock.Bytes)
				if err != nil {
					return fmt.Errorf("error parsing ca cert: %s", err)
				}
				certPool := x509.NewCertPool()
				// Verify certificate
				// First against an empty root pool: the issued cert must NOT
				// verify, and the failure must be specifically
				// UnknownAuthorityError (x509 returns it by value, hence the
				// value-type assertion). This guards against the cert being
				// trusted implicitly, e.g. through a system root.
				_, err = cert.Verify(x509.VerifyOptions{Roots: certPool})
				if err == nil {
					return errors.New("incorrectly verified certificate")
				} else if _, ok := err.(x509.UnknownAuthorityError); !ok {
					return fmt.Errorf("incorrect verify error: expected UnknownAuthorityError, got %v", err)
				}
				// Then with the test CA as the only root: the chain must now
				// verify. Verify uses the current time by default, so this
				// also fails if the validity window is not yet open.
				certPool.AddCert(caCert)
				if _, err = cert.Verify(x509.VerifyOptions{Roots: certPool}); err != nil {
					return fmt.Errorf("verify failed: %s", err)
				}
				return nil
			},
			},
		},
	})
}